<?
require_once 'clogin.inc.php';
require_once 'admin_head.php';
require_once '../function.php';
?>

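<?php
// Display name of the managed entity; used in the result messages further down.
$model_name = '用户';

// Access control: only the super administrator (adminid 1) may manage other
// accounts. Any other user may open and submit this page for their own uid only.
if ($_SESSION["adminid"] != 1) {
	// Compare ids in the same integer form that the edit handler and the lookup
	// use (intval). A loose string comparison could accept a value that equals
	// the session uid by PHP's numeric-string rules yet casts to another integer,
	// so the value checked here must be the value acted on later.
	$sessionUid = intval($_SESSION["uid"]);
	$requestedId = isset($_GET['id']) ? intval($_GET['id']) : 0;

	// The page itself must be addressed to the caller's own, non-zero uid.
	$ownPage = ($requestedId !== 0 && $requestedId === $sessionUid);
	// Any submitted form must also target the caller's own uid.
	$ownSubmit = empty($_POST) || (isset($_POST['id']) && intval($_POST['id']) === $sessionUid);

	if (!$ownPage || !$ownSubmit) {
		showmsg($_SESSION["username"]."你没有权限！你的权限级别是：".$_SESSION["adminid"],'失败','return','返回');
		// Fail closed: showmsg() is defined in another file, so do not depend on
		// it ending the request before the handlers below run.
		exit;
	}
}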


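// Handle the add/edit form submission (the form below posts action=edit).
if (isset($_POST['action']) && $_POST['action'] == 'edit') {

	$id = isset($_POST['id']) ? intval($_POST['id']) : 0;
	$username = isset($_POST['username']) ? trim($_POST['username']) : '';
	$password = isset($_POST['password']) ? trim($_POST['password']) : '';
	$adminid = empty($_POST['adminid']) ? 0 : $_POST['adminid'];
	$isAdmin = ($_SESSION["adminid"] == 1);

	// These values are interpolated into SQL strings, so escape them for the
	// current connection first. Left raw, a crafted username could change the
	// meaning of the statement, including which columns an UPDATE sets.
	// NOTE(review): mysql_real_escape_string() only honours the connection
	// charset when it was set with mysql_set_charset(); confirm in the connection
	// code. The mysql_* extension is removed in PHP 7, so plan a move to
	// PDO/mysqli prepared statements together with the connection layer.
	$usernameSql = mysql_real_escape_string($username);
	$adminidSql = mysql_real_escape_string($adminid);

	if (empty($id)) {
		// Creating an account is an administrator action. Enforce that here too
		// instead of relying only on the page-level check.
		if (!$isAdmin) {
			showmsg($_SESSION["username"]."你没有权限！你的权限级别是：".$_SESSION["adminid"],'失败','return','返回');
			exit;
		}
		if (!$username) {
			showmsg("请输入用户名","错误","return");
			// Stop here so an invalid submission can never reach the INSERT.
			exit;
		}
		if (empty($password)) {
			showmsg("请输入密码","请输入密码","return");
			exit;
		}
		// NOTE(review): unsalted MD5 is not a suitable password hash. It is kept
		// because the login code (not visible here) presumably verifies this
		// format; move both sides to password_hash()/password_verify() together.
		$passwordSql = md5($password);
		$sql = "INSERT INTO {$tablepre}user (username, password, adminid) 
				VALUES('$usernameSql', '$passwordSql', '$adminidSql')";
		$edit = '添加';
	} else {
		// Optional SET fragments; start empty so nothing undefined is interpolated.
		$asql = '';
		// Only the super administrator may change a privilege level.
		if ($isAdmin) {
			$asql .= ", adminid = '$adminidSql'";
		}
		// Change the password only when a new one was typed. The posted
		// "password2" field is ignored: the stored hash must never be taken from,
		// or compared against, a value supplied by the browser.
		if (!empty($password)) {
			$asql .= ", password = '" . md5($password) . "'";
		}
		// NOTE(review): the username is rewritten on every edit although the form
		// presents it as fixed; confirm whether users are meant to rename themselves.
		// $id went through intval() above, so it is safe to place unquoted.
		$sql = "UPDATE {$tablepre}user SET username = '$usernameSql' $asql WHERE uid = $id LIMIT 1";
		$edit = '修改';
	}

	$queryOk = mysql_query($sql);

	if ($queryOk && mysql_affected_rows() == 1) {
		// After an INSERT, continue on the new record's edit page.
		$newId = mysql_insert_id();
		if ($newId) {
			$id = $newId;
		}
		showmsg("{$model_name}{$edit}成功！",'成功',"?id=$id",'返回');
	} else {
		showmsg("{$model_name}{$edit}失败或没有修改！",'失败',"return",'返回');
	}
}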
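// Load the account being edited so the form below can be pre-filled.
if (!empty($_GET['id'])) {
	// intval() makes the id a plain integer, so it is safe to place in the query.
	$id = intval($_GET['id']);
	$sql = "SELECT * FROM {$tablepre}user WHERE uid = $id ";
	$result = mysql_query($sql);
	// mysql_query() returns false on failure; only fetch from a real result.
	// $eusers is false when the query failed or no such user exists.
	$eusers = $result ? mysql_fetch_array($result) : false;
}
?>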

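<?php if ($_SESSION["adminid"] == 1) { ?>
<div class="admin_menu_user"><ul>
<?php
// The super administrator gets a list of every account with an edit link.
$sql = "SELECT * FROM {$tablepre}user";
$result = mysql_query($sql);
// Skip the loop when the query failed (mysql_query() returned false).
while ($result && ($user = mysql_fetch_array($result))) {
	// Usernames are user-supplied: encode them so markup stored in a name is
	// displayed as text instead of being interpreted by the browser.
	// ISO-8859-1 makes the call byte-wise, so it never rejects text when the
	// page charset differs from PHP's default.
	// NOTE(review): pass the site's real charset once it is confirmed.
	$listName = htmlspecialchars($user['username'], ENT_QUOTES, 'ISO-8859-1');
	$listUid = intval($user['uid']);
?>
  <li><a href="#"><?php echo $listName ?> </a><a href="admin_user.php?id=<?php echo $listUid ?>" class="right">[编辑]</a> </li>
<?php
}
?>
</ul></div>
<?php } ?>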
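<div class="edit">
<div class="title">
<?php
// Page title: "edit user <name>" when an id is given, otherwise "add user".
if (!empty($_GET['id'])) {
	// The username comes from the database and was originally user-supplied, so
	// encode it before it is written into the page. ISO-8859-1 keeps the call
	// byte-wise so it never rejects text in another page charset.
	// NOTE(review): pass the site's real charset once it is confirmed.
	$titleName = isset($eusers['username'])
		? htmlspecialchars($eusers['username'], ENT_QUOTES, 'ISO-8859-1')
		: '';
	echo "编辑用户： " . $titleName . "  信息";
	// Only the super administrator is offered the "add a new one" link.
	if ($_SESSION["adminid"] == 1) {
		echo " [<a href=\"admin_user.php\">添加一个新的</a>]";
	}
	$disabled = 'readonly';
} else {
	echo "添加用户信息";
}
?></div>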
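<?php
// Values echoed into the form. Everything read from the user record is encoded
// for HTML so stored markup cannot break out of an attribute or the textarea.
// ISO-8859-1 keeps htmlspecialchars() byte-wise so it never rejects text in
// another page charset.
// NOTE(review): pass the site's real charset once it is confirmed.
// NOTE(review): this form changes accounts and privilege levels but carries no
// anti-CSRF token; add a per-session token here and verify it in the handler.
$formEditing = !empty($_GET['id']);
$formUid = isset($eusers['uid']) ? intval($eusers['uid']) : '';
$formUsername = isset($eusers['username']) ? htmlspecialchars($eusers['username'], ENT_QUOTES, 'ISO-8859-1') : '';
$formAdminid = isset($eusers['adminid']) ? htmlspecialchars($eusers['adminid'], ENT_QUOTES, 'ISO-8859-1') : '';
$formInfo = isset($eusers['info']) ? htmlspecialchars($eusers['info'], ENT_QUOTES, 'ISO-8859-1') : '';
?>
<form id="form1" name="form1" method="post" action="">

<input name="action" type="hidden" value="edit" />
<input name="id" type="hidden" value="<?php echo $formUid ?>" />

	<br /><p>
	  <label>用户名：</label>
		<?php if ($formEditing) { ?>
		<?php echo $formUsername ?>
			<input name="username" type="hidden" id="username" value="<?php echo $formUsername ?>" />
		<?php } else { ?>
			<input name="username" type="text" id="username" value="" size="30"/>
		<?php } ?>

	</p>

		<p>
		  <label>密　码：</label>

  <input name="password" type="password" id="password" size="30" maxlength="16"  />

  <?php // The stored password hash is no longer sent to the browser. The field is kept, empty, so a handler that still reads "password2" sees "unchanged" when no new password is typed. ?>
  <input name="password2" type="hidden" value="" />
  如不修改请不要改动!</p>

<?php if ($_SESSION["adminid"] == 1) { ?>
		<p>
		  <label>权　限：</label>
		  <input name="adminid" type="text" id="adminid" value="<?php echo $formAdminid ?>" size="5" />
        </p>
<?php } ?>

		<?php // NOTE(review): the edit handler in this file does not store "info"; the field is display-only as written. ?>
		<p><label>说明：</label>

         <textarea name="info" id="info" cols="38" rows="5"><?php echo $formInfo ?></textarea>

        </p>

        <label></label><p>&nbsp;</p>
        <p>

          <input type="submit" name="Submit" value="提交" />

        </p>
</form></div>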
<p>&nbsp;</p>

</body>
</html>